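--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mobile/android/base/sync/net/TLSSocketFactory.java Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,70 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.gecko.sync.net;
+
+import java.io.IOException;
+import java.net.Socket;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+
+import org.mozilla.gecko.background.common.log.Logger;
+
+import ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory;
+import ch.boye.httpclientandroidlib.params.HttpParams;
+
+public class TLSSocketFactory extends SSLSocketFactory {
+ private static final String LOG_TAG = "TLSSocketFactory";
+ private static final String[] DEFAULT_CIPHER_SUITES = new String[] {
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+ "SSL_RSA_WITH_RC4_128_SHA", // "RC4_SHA"
+ };
+ private static final String[] DEFAULT_PROTOCOLS = new String[] {
+ "SSLv3",
+ "TLSv1"
+ };
+
+ // Guarded by `this`.
+ private static String[] cipherSuites = DEFAULT_CIPHER_SUITES;
+
+ public TLSSocketFactory(SSLContext sslContext) {
+ super(sslContext);
+ }
+
+ /**
+ * Attempt to specify the cipher suites to use for a connection. If
+ * setting fails (as it will on Android 2.2, because the wrong names
+ * are in use to specify ciphers), attempt to set the defaults.
+ *
+ * We store the list of cipher suites in `cipherSuites`, which
+ * avoids this fallback handling having to be executed more than once.
+ *
+ * This method is synchronized to ensure correct use of that member.
+ *
+ * See Bug 717691 for more details.
+ *
+ * @param socket
+ * The SSLSocket on which to operate.
+ */
+ public static synchronized void setEnabledCipherSuites(SSLSocket socket) {
+ try {
+ socket.setEnabledCipherSuites(cipherSuites);
+ } catch (IllegalArgumentException e) {
+ cipherSuites = socket.getSupportedCipherSuites();
+ Logger.warn(LOG_TAG, "Setting enabled cipher suites failed: " + e.getMessage());
+ Logger.warn(LOG_TAG, "Using " + cipherSuites.length + " supported suites.");
+ socket.setEnabledCipherSuites(cipherSuites);
+ }
+ }
+
+ @Override
+ public Socket createSocket(HttpParams params) throws IOException {
+ SSLSocket socket = (SSLSocket) super.createSocket(params);
+ socket.setEnabledProtocols(DEFAULT_PROTOCOLS);
+ setEnabledCipherSuites(socket);
+ return socket;
+ }
+}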
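Review bot: The fallback in the `catch (IllegalArgumentException e)` branch of `setEnabledCipherSuites` enables everything returned by `socket.getSupportedCipherSuites()`, which is the provider's full list and may include anonymous, NULL-encryption and export-grade suites that providers normally leave disabled; because the result is cached in the static `cipherSuites`, every later socket inherits it. Falling back to the provider's defaults would match what the Javadoc promises ("attempt to set the defaults"): `cipherSuites = socket.getEnabledCipherSuites();`, with the second warning reworded from "supported" to "enabled". Separately, `DEFAULT_PROTOCOLS` offers `"SSLv3"` and `DEFAULT_CIPHER_SUITES` offers `"SSL_RSA_WITH_RC4_128_SHA"`; both deserve removal, or a comment naming the legacy peer that still needs them. The "Guarded by this" comment above `cipherSuites` is also inaccurate for a static field, since a static synchronized method locks `TLSSocketFactory.class`.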